terraform-example-foundation

Allow deploying more than one instance of the LZ under an organization

Open mromascanu123 opened this issue 1 year ago • 0 comments

TL;DR

If a deployment has already completed under a folder, a 2nd deployment under a different folder in the same organization will fail, because some resources are deployed at the org level and their names are not suffix-randomized as is the case, e.g., with project IDs. Deploying multiple instances, one per developer, is necessary for testing. When deploying 1-org in the 2nd deployment, I am getting:

```
Error: Error creating NotificationConfig: googleapi: Error 409: Requested entity already exists

  with google_scc_notification_config.scc_notification_config,
  on scc_notification.tf line 32, in resource "google_scc_notification_config" "scc_notification_config":
  32: resource "google_scc_notification_config" "scc_notification_config" {

Error: Error waiting to create TagKey: Error waiting for Creating TagKey: Error code 6, message: generic::ALREADY_EXISTS: A TagKey with short name 'environment' already exists under parent 'organizations/946862951350'

  with google_tags_tag_key.tag_keys["environment"],
  on tags.tf line 56, in resource "google_tags_tag_key" "tag_keys":
  56: resource "google_tags_tag_key" "tag_keys" {
```

Terraform Resources

Resources like "google_access_context_manager_access_policy" or "google_tags_tag_key" have "organizations/${var.parent_id}" as parent.
If Terraform supports only the organization as parent, then give an option to randomize the resource names to avoid conflicts.

Detailed design

Randomize the names using a suffix. The intent is already in 1-org/envs/shared/tags.tf; just randomize the values:

```hcl
locals {
  tags = {
    environment = {
      shortname   = "environment${local.key_suffix}"
      description = "Environment identification"
      values      = ["bootstrap", "production", "non-production", "development"]
    }
    # ...
  }

  # Empty unless var.create_unique_tag_key is set; then "-<random suffix>".
  key_suffix = var.create_unique_tag_key ? "-${random_string.tag_key_suffix.result}" : ""
}

resource "google_tags_tag_key" "tag_keys" {
  for_each = local.tags

  # Tag keys are created directly under the organization.
  parent      = "organizations/${local.org_id}"
  short_name  = each.value.shortname
  description = each.value.description
}
```

Additional information

Similarly, randomize the resource name in 1-org/envs/shared/scc_notification.tf (right now hardcoded as below and defined at org level):

```hcl
resource "google_scc_notification_config" "scc_notification_config" {
  config_id    = var.scc_notification_name
  organization = local.org_id
  # ...
}
```

mromascanu123 · Mar 21 '24 18:03
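The tag-key suffix pattern from the issue, applied to the SCC notification config, as an added example that is not part of the issue or of the repository's code. The flag `create_unique_scc_notification`, the `random_string.scc_notification_suffix` resource, the `scc_*` locals and the `org_id`, `scc_pubsub_topic` and `scc_notification_filter` inputs are assumptions made for illustration.

```hcl
# Added example; every name marked (assumed) is hypothetical, not from the repo.
variable "org_id" { type = string }                # (assumed) numeric org ID
variable "scc_notification_name" { type = string } # base name, as in the issue
variable "scc_pubsub_topic" { type = string }      # (assumed) projects/<id>/topics/<name>

variable "scc_notification_filter" { # (assumed)
  type    = string
  default = "state = \"ACTIVE\""
}

variable "create_unique_scc_notification" { # (assumed) opt-in flag
  description = "Append a random suffix to the org-level config_id."
  type        = bool
  default     = false # existing deployments keep their current config_id
}

resource "random_string" "scc_notification_suffix" { # (assumed)
  length  = 6
  upper   = false
  special = false # lowercase letters and digits only
}

locals {
  # Same shape as key_suffix in tags.tf: empty unless the flag is set.
  scc_suffix          = var.create_unique_scc_notification ? "-${random_string.scc_notification_suffix.result}" : ""
  scc_notification_id = "${var.scc_notification_name}${local.scc_suffix}"
}

resource "google_scc_notification_config" "scc_notification_config" {
  config_id    = local.scc_notification_id # unique per deployment when flag is true
  organization = var.org_id
  description  = "SCC notification for ${local.scc_notification_id}"
  pubsub_topic = var.scc_pubsub_topic

  streaming_config {
    filter = var.scc_notification_filter
  }
}

output "scc_notification_id" {
  value = local.scc_notification_id
}
```

With the flag left at `false` the computed `config_id` equals `var.scc_notification_name`, so an existing deployment plans no change; each additional instance under the same organization sets it to `true`.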